What is cyber security?
Cyber security is the means by which businesses can reduce the risk of becoming victims of cyber-attack. The importance of cyber security is ever increasing as organisations and individuals become increasingly reliant on the internet and digital devices. The corresponding threats, including cyber criminals, are becoming more adept in how they try and exploit this data.
Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.
Therefore, the LME takes cyber security very seriously in order to prevent any compromise of the services we offer, and the data we hold. We have a number of technical controls in place, as well as controls we operate internally, and offer the following guidance to help end users support our objectives of minimising the risks to all users.
Cyber security threats to you
There are a number of ways malicious users often try and exploit data.
- Malware, or malicious software is a term to describe any file or program that is intended to disrupt a computer. The multiple methods of delivering malware to a user, some of which are phishing attacks, social engineering and exploits.
- Social engineering is used to deceive and manipulate victims in order to obtain information or gain access to their computer. This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception.
- Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email. It is not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organisations.
- Credential-based Attacks are based on the concept that individuals often use the same credentials across multiple websites and services. This means that compromised credentials on one platform can be re-used to try and gain access to other services.
- Social Media is increasingly used to build relationships and can lead to exploitation in the event you interact with criminals impersonating friendly users.
Improve your security
In response to these methods of cyber-attack, there are multiple ways to make it harder for these individuals to compromise our services and your data.
- Create complex passwords: A good way to create strong, memorable passwords is by using 3 random words. Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if you need to. For example, “RedPantsTree4! Avoid reusing the same password. Instead, use a password manager to store your passwords.
- Enable two-factor authentication (2FA): Two-factor authentication (2FA) helps to stop hackers from getting into your accounts, even if they have your password. Some online banking uses 2FA automatically. It does this by asking for more information to prove your identity, such as a code that is sent to your phone.
- Keep your devices up-to-date: Out-of-date software, apps, and operating systems contain weaknesses. This makes them easier to hack. Companies fix the weaknesses by releasing updates. When you update your devices and software, this helps to keep hackers out. Turn on automatic updates for your devices and software that offer it. This will mean you do not have to remember each time. Do not ignore the update reminders on your devices.
- Back up your data: Backing up means creating a copy of your information and saving it to another device or to cloud storage (online). Backing up regularly means you will always have a recent version of your information saved. This will help you recover quicker if your data is lost or stolen.
- Email Awareness: In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to malicious websites. If unsure, do not click on any links or open attachments in the email. Always verify the sender/email if it is a suspicious looking email.
- Utilise secure email protocols: there are a suite of tools available which can be used to verify the contents and attachments of emails in order to filter out any suspicious emails before they come into your inbox.
- Keep social media accounts secure: Most reputable social media platforms have configurable settings to maintain the security of your account, which you should make sure are enabled. It’s also best not to share anything remotely sensitive on social media, even if it may get you more ‘likes’, and clear out anything historic which is no longer relevant and could be used against you.
- Use secure Wi-fi: Public Wi-fi you can connect to in cafes, train stations, and airports are not secure, and can put any devices you connect with at risk. Use private Wi-fi where possible, but otherwise consider using Virtual Desktop Interfaces to protect your communication.
LME utilises the advice and guidance provided by the National Cyber Security Centre, and has based the above on their recommendations. For further information please visit: https://www.ncsc.gov.uk/